package com.luke.order.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class OrderController {

    @GetMapping(value = "/r1")
    @PreAuthorize("hasAnyAuthority('p1')") //具备p1权限才能访问
    public String r1() {
        //获取当前认证用户信息
        String principal = (String) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        return principal + "访问资源1";
    }

    @GetMapping(value = "/r2")
    @PreAuthorize("hasAnyAuthority('p2')") //具备p2权限才能访问
    public String r2() {
        String principal = (String) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        return principal + "访问资源2";
    }

    @GetMapping(value = "/r3")
    @PreAuthorize("hasAnyAuthority('p3')") //具备p3权限才能访问
    public String r3() {
        String principal = (String) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        return principal + "访问资源3";
    }

}
